General
-
Target
0d1fa230547e8327115e01b3f5956133_JaffaCakes118
-
Size
498KB
-
Sample
240328-xb5h5sdc7s
-
MD5
0d1fa230547e8327115e01b3f5956133
-
SHA1
a2942ed55a16fd4b0ca9ac6b7552fbeb5509ecb7
-
SHA256
8e3e00075143d3fd621479fb61188c41560186ce1877e83e9d1e938b866adef6
-
SHA512
7dd223bb25b6ad0f7ec0beb6880ba0fc29404cae8f5548745172f7ae04abe34668e4b3183f3869c4dabf4fcd7fd512976363d4909bd9156b47625598e259a414
-
SSDEEP
6144:FuxpYkSlNpfOCgxdx1ZcGv9WMPznQIGHnmC7I85eVmftpQ6cxHn8eI+mOmFzivqb:F35OCgLxbZvTgzEeqmf3Q7vsFz2qb
Static task
static1
Behavioral task
behavioral1
Sample
0d1fa230547e8327115e01b3f5956133_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0d1fa230547e8327115e01b3f5956133_JaffaCakes118.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
agenttesla
Protocol: smtp- Host:
smtp.mail.ru - Port:
587 - Username:
Businessgroup84@mail.ru - Password:
xxxlahot2
Targets
-
-
Target
0d1fa230547e8327115e01b3f5956133_JaffaCakes118
-
Size
498KB
-
MD5
0d1fa230547e8327115e01b3f5956133
-
SHA1
a2942ed55a16fd4b0ca9ac6b7552fbeb5509ecb7
-
SHA256
8e3e00075143d3fd621479fb61188c41560186ce1877e83e9d1e938b866adef6
-
SHA512
7dd223bb25b6ad0f7ec0beb6880ba0fc29404cae8f5548745172f7ae04abe34668e4b3183f3869c4dabf4fcd7fd512976363d4909bd9156b47625598e259a414
-
SSDEEP
6144:FuxpYkSlNpfOCgxdx1ZcGv9WMPznQIGHnmC7I85eVmftpQ6cxHn8eI+mOmFzivqb:F35OCgLxbZvTgzEeqmf3Q7vsFz2qb
-
AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
-
AgentTesla payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-